The SonicWall Capture Labs Threat Research Team have received reports of a new variant of the Satan ransomware. The Satan ransomware has been around since early 2017 but it was not until late 2017 that we have seen it adopt the use of the EternalBlue exploit kit. This is the same exploit kit that was and still is being used by ransomware such as WannaCry and BadRabbit and is being employed to penetrate more effectively through internal networks.

Infection Cycle:

Upon infection the trojan encrypts files on the system and prepends [satan_pro@mail.ru] to the original filename. After infection it displays the following text: